Why would you want to define risk weights?
The Vulcan Cyber ExposureOS platform incorporates different contextual attributes to produce a dynamic risk score for each vulnerability in your environment. The system allows you to set your own weights for the different attributes and choose which aspects are more important to you.
When defining risk priority weights, you can set different weights for CVE-based vulnerabilities (which have threat feeds) and non-CVE-based vulnerabilities (which do not have threat feeds). This keeps a level playing field, giving vulnerabilities a more accurate risk score based on their attributes.
Define risk weights
To define your risk priority weights:
1. Go to Settings > Risk.
2. Set the numbers (weights) for each attribute. The values in each row must add up to one.
Use the table to set different weights for the attributes that define the risk for each finding (instance):
| Attribute | Description |
| --- | --- |
| Severity | CVSS or other scores as provided by the scanning vendor. |
| Threats | Exploits, malware, and other threat intelligence retrieved. |
| Tags | The tags' impact (high, medium, low) on the vulnerable assets. |
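
To illustrate why separate rows keep non-CVE findings comparable, the added example below (not Vulcan Cyber's code or scoring formula) checks that each row sums to one and scores two constructed findings. It assumes a linear weighted sum over attributes normalised to 0..1; the weight values, finding data and function names are hypothetical.

```python
import math

ATTRIBUTES = ("severity", "threats", "tags")

# Constructed weight rows (not product defaults); each row must sum to one.
WEIGHTS = {
    "cve":     {"severity": 0.4, "threats": 0.4, "tags": 0.2},
    "non_cve": {"severity": 0.7, "threats": 0.0, "tags": 0.3},
}

def validate_row(row):
    """Reject rows with wrong attributes, out-of-range weights, or a sum other than 1."""
    if set(row) != set(ATTRIBUTES):
        raise ValueError(f"row must define exactly {ATTRIBUTES}")
    if any(not 0.0 <= w <= 1.0 for w in row.values()):
        raise ValueError("each weight must be between 0 and 1")
    # Compare with a tolerance: decimal weights are not exact in binary floating point.
    if not math.isclose(sum(row.values()), 1.0, abs_tol=1e-9):
        raise ValueError(f"weights sum to {sum(row.values())}, expected 1")
    return row

def risk_score(finding, weights):
    """Assumed model: weighted sum of 0..1 attribute values, scaled to 0..100."""
    row = validate_row(weights[finding["kind"]])
    return round(100 * sum(row[a] * finding.get(a, 0.0) for a in ATTRIBUTES), 1)

# Constructed findings; attribute values are already normalised to 0..1.
cve_finding = {"kind": "cve", "severity": 0.9, "threats": 1.0, "tags": 1.0}
non_cve_finding = {"kind": "non_cve", "severity": 0.9, "tags": 1.0}  # no threat feed

def compare():
    """Score the non-CVE finding with its own row and with the CVE row reused."""
    shared = {"cve": WEIGHTS["cve"], "non_cve": WEIGHTS["cve"]}
    return {
        "cve": risk_score(cve_finding, WEIGHTS),
        "non_cve_own_row": risk_score(non_cve_finding, WEIGHTS),
        "non_cve_shared_row": risk_score(non_cve_finding, shared),
    }

if __name__ == "__main__":
    print(compare())
```

Under these assumptions, reusing the CVE row caps the non-CVE finding at 60 because the Threats weight can never contribute, while its own row lets the same severity and tag impact rank close to the CVE finding.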